msf: small webaudit shell script

[m-1-k-3]

Hey guys,

a while ago I've postet the first release of a small script for auditing webservers ... now the 2nd release with some small improvements and some bugfixes is available.

It's a bash script which automates the basic metasploit (wmap) auditing stuff for a huge number of webservers ... quite nice to work with on a pentest where you are fighting with some more webservers ...

The script is quite easy but in my opinion very usefull on pentests with lots of servers ...

# Webserver version:
Metasploit Auxiliary Mode: auxiliary/scanner/http/http_version

# Webserver options:
Metasploit Auxiliary Mode: auxiliary/scanner/http/options

# write access
Metasploit Auxiliary Mode: auxiliary/scanner/http/writable

# searching for directories:
Metasploit Auxiliary Mode: auxiliary/scanner/http/wmap_dir_scanner

# searching for files
Metasploit Auxiliary Mode: auxiliary/scanner/http/wmap_files_dir

# analysing ssl ciphers
Metasploit Auxiliary Mode: auxiliary/scanner/http/wmap_ssl

# Nikto webaudit

have fun and feedback would be great ...

Download: basic Webaudit script v0.2 | www.s3cur1ty.de

hf
m-1-k-3

[bostonlink]

Nice m1k3,

seems like a good tool can't wait to review the source and test it out. Thanks for the post.

[chap0]

m-1-k-3 Thanks for posting this script will come in handy and be very useful. Cannot wait to test it out.

[testbot]

has anyone had a chance to check out the source and test this yet? just curious to know how this ended up turning out.

[arimogi]

what a nice freshly idea,,, good work m-1-k-3... keep onward and upward...